Email Compromises, Phishing Top Insider Threats

Security and risk (S&R) pros have the challenging task of using finite resources (including budget, time, and people) to protect their businesses from every possible attack type. But they can zero in on the employee threat, given that more than a third of firms have experienced some information loss, theft or attack via email within the past two years, with phishing attacks being most common.

According to Forrester Consulting research, S&R decision-makers face threats from three groups of insiders—compromised accounts (internal accounts that have been compromised by external attacks), careless misuse (internal policy violators and those who accidentally leak or expose data or systems) and malicious insiders (insiders who purposefully take or misuse data or exploit systems).

Nearly two-thirds of the firms in our study had experienced a security incident involving a compromised account in the past two years, while 57% had an incident stemming from careless misuse and 41% from a malicious insider in that same period. Tellingly, only 1% said they had no incidents involving insiders.

But email remains a critical component of day-to-day business activity, and a significant channel through which employees interact with one another and the outside world. It’s no surprise then that email also represents one of the most significant, ongoing security vulnerabilities for many enterprises.

The survey, commissioned by Mimecast, found that almost every firm (99%) experienced some form of insider security incident within the past two years, with more than four out of 10 firms reporting a phishing attack during that time. The effects of successful phishes are significant: Three-quarters of respondents said compromised accounts had a significant or moderate financial impact, and 68% said they had a significant or moderate productivity impact.

Meanwhile, about 64% said malicious insiders caused a significant or moderate financial impact, and 57% said they had a significant or moderate productivity impact, with careless misuse creating financial issues for 61% and productivity impacts for 54%.

“Internal threats, specifically ones that use email, must be taken seriously by S&R decision-makers,” the survey concluded. “Fortunately, firms recognize the danger and are responding by investing in technology that can help defend against these threats. However, too many S&R professionals are focused on basic defensive capabilities, thereby potentially missing out on advances in security technologies that are more suited to defend against today's threats.”